Framework of IPSec


Cryptography in plain English is the art of taking data, jumbling it up so it looks nothing like its original form, and being able to put it back in its original form again at some future time. To jumble up data, we take our plaintext data and encrypt it using a special value called a key. This process produces our jumbled-up data, called ciphertext. Ciphertext can travel a public medium and be sniffed by an attacker. Without the correct algorithm and key, however, the attacker cannot decipher the message. So right away, we know that both ends of a secure link must know two very important items: the encrypting algorithm and the key used to encrypt and decrypt the data.

A problem these two parties have is obtaining the key and algorithm. They can do a few things such as phone each other and agree on an algorithm and key, but the phone could be tapped, which would allow the attacker to decipher the messages. Therefore, a phone call will not do. They could email the algorithm and key, but the email could be intercepted. Therefore, an email will not work. They could meet somewhere and agree on an algorithm and key in advance. But what happens if they are at opposite ends of a state or the country? This exchange obviously will pose a problem.

As you can see, the art of encryption itself is easy. Obtaining the parameters to encrypt data is difficult, which is what IPSec is all about. Ninety-five percent of IPSec deals not with encrypting data, but with securely exchanging the parameters used to encrypt data and making sure it is not modified in transit.

There are certain things we want when sending data across an insecure medium:

  • We want to be sure we are indeed talking to the person we think we are (peer authentication). This process discourages any type of man-in-the-middle attack.

  • We want to securely exchange the algorithms and keys we are going to use. This process makes cracking our ciphertext harder.

  • We want to use random shared keys for each separate conversation. This means that if a particular session happens to be compromised, the data in our other sessions is still secure.

  • We want to make sure our data is confidential (encryption). This process discourages ordinary sniffing attacks.

  • We want to make sure our ciphertext has not been modified in transit (integrity). This process makes sure the data we send is the data our peer received.

  • When sending large amounts of data, we want to make sure our keys are changed at some point, just to be safe.

IPSec uses various protocols and algorithms to ensure that everything in the list occurs.
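
Three goals from the list above (a fresh key per conversation, integrity checking, and changing keys after a volume of data), as a Python sketch. This is an added example, not code from the book and not IPSec's actual protocols; the pre-shared secret, the nonce-based key derivation, the 1024-byte lifetime and all names are assumptions.

```python
import hashlib
import hmac
import secrets

LIFETIME_BYTES = 1024  # constructed rekey threshold for this demo


def session_key(shared_secret: bytes, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """Derive a per-conversation key from fresh nonces from both peers."""
    msg = b"session-key" + nonce_i + nonce_r
    return hmac.new(shared_secret, msg, hashlib.sha256).digest()


def tag(key: bytes, ciphertext: bytes) -> bytes:
    """Integrity value the sender attaches to the ciphertext."""
    return hmac.new(key, ciphertext, hashlib.sha256).digest()


def verify(key: bytes, ciphertext: bytes, received_tag: bytes) -> bool:
    """Receiver recomputes the tag and compares in constant time."""
    return hmac.compare_digest(tag(key, ciphertext), received_tag)


class Sender:
    """Counts bytes protected under the current key; rekeys at the lifetime."""

    def __init__(self, shared_secret: bytes):
        self.shared_secret = shared_secret
        self.rekeys = 0
        self._negotiate()

    def _negotiate(self) -> None:
        # Each peer would send its own nonce; both are made locally here
        # so the demo runs in one process.
        self.key = session_key(self.shared_secret,
                               secrets.token_bytes(16), secrets.token_bytes(16))
        self.bytes_used = 0

    def send(self, ciphertext: bytes) -> tuple[bytes, bytes]:
        if self.bytes_used + len(ciphertext) > LIFETIME_BYTES:
            self._negotiate()
            self.rekeys += 1
        self.bytes_used += len(ciphertext)
        return ciphertext, tag(self.key, ciphertext)


def demo() -> dict:
    s = Sender(secrets.token_bytes(32))   # constructed pre-shared secret
    first_key = s.key
    ct, t = s.send(b"\x8f" * 600)         # constructed stand-in for ciphertext
    intact = verify(s.key, ct, t)
    tampered = verify(s.key, ct[:-1] + b"\x00", t)  # one byte changed in transit
    s.send(b"\x8f" * 600)                 # crosses the lifetime, forcing a rekey
    return {"intact": intact, "tampered": tampered, "rekeys": s.rekeys,
            "key_changed": s.key != first_key, "old_tag_valid": verify(s.key, ct, t)}
```
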



CCSP SECUR Exam Cram 2
CCSP SECUR Exam Cram 2 (642-501)
ISBN: B000MU86IQ
EAN: N/A
Year: 2003
Pages: 291
Authors: Raman Sud
